The Register® — Biting the hand that feeds IT

PGP Outlook plugin has major security hole

Relax, there's a patch

Free whitepaper – Capacity management in virtual infrastructures

A malicious e-mail can create a buffer overrun in Network Associates' PGP plugin for MS Outlook on Windows, which in turn can be used to run arbitrary code with the user's level of privilege. At a minimum this could compromise the user's passphrase and expose his encrypted messages, and at a maximum surrender control of the machine. Attachments do not need to be activated; merely selecting the malicious message is sufficient.

PGP Desktop Security 7.0.4, Personal Security 7.0.3 and Freeware 7.0.3 are affected. NAI has a hotfix posted here. The issue was discovered by eEye's Marc Maiffret. ®

Free whitepaper – Ensuring high service levels in cloud computing

Don’t Miss

Microsoft Office logoOffice 2010 fights Google with SharePoint bloat

Review Decent upgrade gets out of shape

Ubuntu teaser Ubuntu's Karmic Koala bares fangs at Windows 7

Review Shuttleworthian scrap

AppleChange your views: OS X tags exploited

Mac Secrets Apple windows insider

MicrosoftMicrosoft 'Dallas' muscles Google data crusade

PDC Crunches Red Planet